我有一个 Debian Lenny Web 服务器。它运行的是带有 libapache2-mod-suphp 的 apache2。不幸的是,suphp 使得无法使用 phpmyadmin,因为 phpmyadmin 安装在 /usr/share/phpmyadmin 中并由 root 拥有,而且 suphp 会在此目录中禁用其引擎:
$ cat /etc/apache2/mods-enabled/suphp.conf
<IfModule mod_suphp.c>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
</IfModule>
在使用 suphp 时,是否有可能启用系统 phpmyadmin(可能通过标准 libapache2-mod-php5)?如何操作?
答案1
在 /etc/apache2/mods-available/suphp.conf 中有以下两行:
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
应改为:
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-suphp
然后,在 /etc/suphp/suphp.conf 行中
application/x-httpd-php=php:/usr/bin/php-cgi
应改为:
application/x-httpd-suphp=php:/usr/bin/php-cgi
然后,/etc/apache2/mods-available/php5.conf 的内容应该从以下内容更改为:
<IfModule mod_php5.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</IfModule>
到:
<Directory /usr/share>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</IfModule>
</Directory>
这样,所有 php 脚本都会被分配 x-httpd-suphp 类型,由 suphp 处理。由于 /usr/share 中的文件禁用了 suphp,因此在此目录的 php5.conf 中,php 脚本的类型为 x-httpd-php,并由 mod_php5 处理。这样,除了 /usr/share 中系统安装的脚本外,其他所有脚本都会保留 suphp。
答案2
自最初回答以来,配置文件已经发生了变化。
这些文件不再需要更改:
/etc/apache2/mods-available/suphp.conf
/etc/suphp/suphp.conf
这个文件:
/etc/apache2/mods-available/php5.conf
只需要<Directory /usr/share>
当前文件的包装器。
例如:
<Directory /usr/share>
{original php5.conf contents}
</Directory>
== 文件的当前副本 ==
NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
Linux anon 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
root@local [~]# cat /etc/apache2/mods-available/suphp.conf
<IfModule mod_suphp.c>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler application/x-httpd-suphp
</FilesMatch>
suPHP_AddHandler application/x-httpd-suphp
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
# suPHP_ConfigPath /etc/php5/cgi/suphp/
suPHP_ConfigPath /etc/php5/apache2
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
root@local [~]# cat /etc/suphp/suphp.conf
[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=www-data
;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path="/bin:/usr/bin"
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
application/x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
root@local [~]# cat /etc/apache2/mods-available/php5.conf
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Order Deny,Allow
Deny from all
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
Order Deny,Allow
Deny from all
</FilesMatch>
# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_flag engine Off
</Directory>
</IfModule>
答案3
fwiw 在 ubuntu 12.04 上我采取了以下步骤:添加
:/usr/share/phpmyadmin
到 /etc/suphp/suphp.conf 中 docroot 的末尾
添加
<Directory /usr/share/phpmyadmin>
suPHP_Engine on
</Directory>
到 /etc/apache2/mods-enabled/suphp.conf
创建了新的虚拟主机
<VirtualHost *:80>
ServerName phpmyadmin.example.com
DocumentRoot /usr/share/phpmyadmin
DirectoryIndex index.php
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
</Directory>
<directory /usr/share/phpmyadmin/setup>
Order Deny,Allow
Deny from All
</directory>
<directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</directory>
</VirtualHost>
做过
chown pmauser:pmauser /usr/share/phpmyadmin
chown pmauser:pmauser /usr/share/phpmyadmin/*.php
chmod og-r /usr/share/phpmyamdin
chmod og-r /usr/share/phpmyamdin/*.php
这使得它基本能够正常工作。
我一直无法弄清楚如何消除要求输入 blowfish_secret 的错误消息。Ubuntu 将配置文件分散在几个目录中,并且它们的 /etc/phpmyadmin/apache.conf 有
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
我不愿意将所有这些路径添加到 suphp docroot,并且 pma 无法识别 /usr/share/phpmyadmin/config.inc.php